From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=maxchernoff.ca Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=maxchernoff.ca header.i=@maxchernoff.ca header.a=rsa-sha256 header.s=key1 header.b=o7Cy6UkC; dkim-atps=neutral Received: from out-173.mta1.migadu.com (out-173.mta1.migadu.com [95.215.58.173]) by passt.top (Postfix) with ESMTPS id 3B3BC5A026F for ; Tue, 04 Nov 2025 07:48:14 +0100 (CET) Message-ID: <09cf5958fbd89cedff7526048e0e00482334835d.camel@maxchernoff.ca> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=maxchernoff.ca; s=key1; t=1762238893; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ex5M3lPijyMb5rl87xKpexkqwo4TBa3yV5M/cS1bL0w=; b=o7Cy6UkC+WVWMxdL/McmQEkjSRlozAZXBucXvd7ZeABknJIgovpkII1RECcQv1om11P7+R sQIcdN2weT1n8ZAbdhveq5HQh2CmHboTZDXJCh+GDkXoXGeZpnWmWG9sU8/+GQroVZHPV8 5k2uJNYW7GbJmn6NpgyINg18uXU+bwSC94JajiCWvfC1K3ex1Xw6/CBHck9BHsQFJcJXX+ Pfq2+A7u7MiR7qZvwghs90iCd1q72jf7+tP+VQ8uuAfuwxQi1rov94tNydbOZ7ff/jSE/b b8fu9WlV9PyflL5X1pQjO3DbW240aTJfiA7XiYPulWoMwyf7p0w0zEeW6tfoIA== Subject: Re: [PATCH v2] contrib/selinux: use regex instead of SELinux template X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Max Chernoff To: Danish Prakash , passt-dev@passt.top Date: Mon, 03 Nov 2025 23:48:06 -0700 In-Reply-To: <20251030104925.529411-1-contact@danishpraka.sh> References: <20251029001704.43f73a42@elisabeth> <20251030104925.529411-1-contact@danishpraka.sh> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-MailFrom: git@maxchernoff.ca X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation Message-ID-Hash: 3QL7IMBS5JH24WYRT5CLNFVQ3BSWQ7LN X-Message-ID-Hash: 3QL7IMBS5JH24WYRT5CLNFVQ3BSWQ7LN X-Mailman-Approved-At: Tue, 04 Nov 2025 10:21:30 +0100 CC: sbrivio@redhat.com, pholzing@redhat.com X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hi Danish, On Thu, 2025-10-30 at 16:19 +0530, Danish Prakash wrote: > It might be possible to avoid using SELinux template (%USERID), > and instead using regex to match user ids. This would allow > discarding the explicit restorecon call while during package builds[1]. > > Original suggestion from cathy.hu@suse.com: > > > running restorecon would be unnecessary if the passt upstream selinux > > module would not use ${USERID} in pasta.fc (gets converted to [0-9]+ an= yway) > > [1] - https://passt.top/passt/commit/?id=3De019323538699967c155c294115452= 23dadfc0f5 > > Signed-off-by: Danish Prakash > --- > contrib/fedora/passt.spec | 11 ----------- > contrib/selinux/pasta.fc | 12 ++++++------ > 2 files changed, 6 insertions(+), 17 deletions(-) > [...] I've built and installed an RPM with this patch, and I can confirm that everything works as expected. Plus, this new implementation seems much cleaner than the previous one, so this patch LGTM. Thanks, -- Max